How to Fix Mobile Payments

Leather wallets should be so yesterday by now. After all, today’s mobile tech is advanced enough to let us ditch that cowhide in favor of a virtual wallet from the likes of Google or PayPal, letting us purchase items in-person with a smartphone. But that’s not all. Virtual wallets also give you instant access to coupons and loyalty programs, meaning you’ll never have to open another weekly circular or attach another piece of plastic to your key chain again.

According to Forrester Research, 50 percent of smartphone owners are interested in using in-store mobile payment options. So why aren’t more people using mobile payments yet? Like any new technology, virtual wallets are going through serious growing pains. From conflicting formats and usability issues to security worries, there are a lot of reasons why mobile banking seems to be stuck in neutral.

NFC or Cloud?

Like Blu-ray and HD-DVD, the mobile payment industry is in the midst of a format war. There are two forms of virtual wallet vying for your attention: NFC-based solutions and cloud-based services. The difference between the two formats has to do with where your payment information is stored.

With mobile wallets, your payment information is stored on your smartphone or other NFC device in a special chip referred to as the secure element. This chip is locked down by a continuously changing code that makes hacking it nearly impossible. NFC solutions such as Google Wallet let users pay for items by simply tapping their device to a cardless credit card terminal, automatically transferring funds from a credit card or checking account to the appropriate merchant. Users also have the ability to save their loyalty cards and coupons to a mobile wallet app, which can then be used just as their physical counterparts would.

But NFC-based mobile wallets face significant drawbacks, chief among them the limited number of compatible handsets and merchant point of sale terminals. The vast majority of phones on the market don’t have onboard NFC chips. And while you may see tap-to-pay terminals at your local gas station or grocery store, many merchants have yet to install them in their shops. Without either an NFC-enabled device or sales terminal that accepts NFC, your mobile wallet is essentially useless.

With cloud-based wallets, your banking information is saved in the cloud, where it can be accessed from your smartphone, laptop, tablet or any other Internet-enabled device. Say, for example, you want to buy a lawn mower at Home Depot. If the store accepts a digital wallet app, you can type your phone number into the point of sale terminal and your checking account will automatically be charged.

As NFC-based solutions struggle to gain traction, cloud-powered solutions are gaining more momentum behind the scenes. “When you talk about secure elements and hardware-based digital wallets, it seems that is still an area of focus for the mobile carriers and/or device manufacturers,” said Rick Oglesby, senior analyst with Aite Group. “But the rest of the market seems to be going away from this toward cloud-based solutions.”

Payment Players

Like any good format war, both NFC and cloud payments have their own big-name backers. The biggest name carrying the NFC banner is ISIS. The company, which is backed by three of the Big Four U.S. carriers (AT&T, T-Mobile and Verizon Wireless), will allow users to pay for items using specific Chase Bank, American Express, Capital One and Barclays cards. ISIS also allows users to add coupons and their own loyalty and rewards cards to their virtual wallet. Users add loyalty cards via the ISIS Read Pay & Save merchant directory. Coupons are added using the Clip To ISIS button on participating merchants’ websites. ISIS truly has the potential to make your smartphone your one and only wallet.

To use the service, however, consumers must have an ISIS-enabled, NFC-equipped smartphone. “From an ecosystem perspective, if you are talking about NFC-based payments, both the consumer and the merchant have to have hardware that can support those payments and very few on either side do,” explained Denée Carrington, senior analyst with Forrester Research. “So that’s certainly a hurdle for now. And a strong kind of critical mass on either side isn’t likely to happen until 2015 or 2016.”

Carrington said there will be significant ramping up in the meantime, but it will take “another three to four years before there is significant usage of NFC payments in the marketplace.”

Despite these limitations, ISIS representatives say they are confident that NFC is the best method to enable mobile payments. “We believe NFC is the most secure technology to modernize the payments process. A combination of hardware and software — as opposed to vulnerable software-only solutions — provide the best security protections for consumers and merchants,” said ISIS spokeswoman Catherine Sherman.

On the opposite side of the spectrum are cloud-based digital wallets from the likes of PayPal and Square. Both solutions can be connected to a user’s bank account and used at many participating merchants. Unlike NFC-based solutions, PayPal and Square don’t require consumers to purchase any additional hardware to use either service, and support iOS 4 and higher devices and Android 2.2 and higher handsets. Merchants who choose Square will, however, need to purchase additional hardware to use the service. Square also limits users by only allowing them to connect one bank account.

PayPal’s digital wallet is a mobile extension of the popular Web-based payment platform. Users download the app and can select PayPal as a payment method at a merchant’s sales terminal and enter the mobile phone number linked to their account to complete their purchase. If a store is having a sale, the PayPal app will automatically apply any coupons to your purchase, explained Anuj Nayar, PayPal senior director of communications.

The advantage of services like PayPal is that they allow users to access their account from any Web-connected device. NFC-based mobile wallets are bound to the hardware on which they reside. “Digital wallets don’t live on any one device, they live in the cloud,” Nayar said. “You can access that same wallet from any device. You can access it from your computer, mobile device or a kiosk in a store.”

Google Wallet Grows Up

For now, the biggest name in the virtual wallet space is Google Wallet, which pioneered mobile payments for Sprint customers way back in the summer of 2011. At launch, Google Wallet focused mostly on NFC technology but the service has since evolved to rely more on the cloud. Google Wallet allows users to pay by using both NFC-enabled contactless payment terminals as well as purchasing items online at participating websites much like PayPal. When used in stores, Google Wallet will also automatically apply Google Offers deals at participating merchants without ever having to clip another coupon. Wallet essentially attempts to offer the best of both worlds for consumers.

When it first launched in 2011, Google Wallet was only available on one Sprint device, the Samsung Galaxy Nexus. Google also limited the number of payment cards consumers could connect to their Wallet account. Since then, Google has revamped Wallet to include Virgin Mobile and added a host of Google Wallet-compatible devices to its lineup, including the LG Viper 4G LTE. Still, Google Wallet doesn’t enjoy the kind of backing from wireless carriers such as AT&T, T-Mobile and Verizon Wireless that ISIS does.

But according to Aite Group’s Oglesby, Google’s move to the cloud should prevent it from being usurped by ISIS. “Wallets can operate from the cloud, and Google Wallet has moved there, so they don’t really need the support of the carriers,” Oglesby explained. “They can get people signed up for Google Wallet via their own distribution channels, including the Android Marketplace, which is a powerful wallet distribution channel. So, yes, I do think that [Google Wallet] can take off without support from the carriers.”

Security Concerns

The most pressing concern for consumers when it comes to virtual wallets is how secure they are. According to Forrester’s Carrington, as much as 37 percent of early mobile payment adopters say they are very concerned. Just 9 percent of survey respondents said they were not concerned.

As previously mentioned, NFC- enabled smartphone solutions such as ISIS use a secure element chip stored on a user’s phone to keep payment information safe. Google Wallet and ISIS users can also remotely lock or wipe their payment information if they ever lose their phone.

According to Derek Halliday, senior product manager of security with Lookout Security, one of the inherent security benefits of NFC-based solutions such as Google Wallet and ISIS is that NFC signals have a very short range. Hackers have demonstrated that criminals can take information from an NFC device in a person’s pocket by rubbing an NFC reader past it, but Halliday said doing so requires that the hacker be very close to you while your phone and payment app are running and open.

Both Google Wallet and ISIS offer users the ability to set a password PIN that must be entered to complete a transaction, making hacking difficult.

Google, which previously saved payment information on users’ devices like ISIS, has taken the further step of moving user information to the cloud, Robin Dua, head of product management for Google Wallet, said. “Cards are securely stored on our servers in the cloud and protected with financial-grade security measures that data processors or banks use to protect card information and personal information.”

Cloud-based digital wallets such as PayPal offer similar protections against hacking, storing users’ financial information on secure servers. According to PayPal, transactions are also monitored 24/7 for any suspicious activity.

There’s nothing guaranteeing that either NFC- or cloud-based solutions are completely safe from hackers and other criminals. But with the safety measures these providers offer, users should feel confident that their financial data won’t fall into the wrong hands.

“The biggest risk is that consumers aren’t fully aware of the precautions associated with this technology and aren’t diligent about the general security of their phone,” said Lookout co-founder Kevin Mahaffey. “This comes down to the normal things like PIN locking their phone.”

The Long Wait

So when can you expect to start using virtual wallets in place of your standard credit or debit card? Unfortunately, you’re going to have to be patient. PayPal’s mobile solution is still in its early testing phases at Home Depot stores, while ISIS is finally in the trial phase.

Initially set to begin a trial run in August, ISIS pushed back the date to September. That date was then extended to Oct. 22. When asked about the reason behind the delays, an ISIS spokesperson said, “We’re working through a final punch list of things to ensure a great consumer experience and seamless partner integration. The list is short, but a few pieces require additional time.”

Perhaps the biggest hurdle facing the movement to virtual wallets is the fact that they aren’t yet a necessity. “There has to be a compelling reason for consumers to use it,” Carrington said. “There’s nothing wrong with using a credit card today. There has to be a compelling reason even for early adopters beyond just the novelty.”